Comments on: Javascript Must Die! http://itknowledgeexchange.techtarget.com/security-corner/javascript-must-die/ Wed, 08 May 2013 20:56:03 +0000 hourly 1 By: Ken Harthun http://itknowledgeexchange.techtarget.com/security-corner/javascript-must-die/#comment-54 Ken Harthun Mon, 09 Nov 2009 23:36:45 +0000 http://itknowledgeexchange.techtarget.com/security-corner/javascript-must-die/#comment-54 Michael, in my opinion the only other solutions to the problem are to run a browser sandboxed, in a virtual machine, or on a live CD. Our current browser model is so fundamentally broken that it’s almost beyond repair. Your experience mirrors that of many others who have tried NoScript and that just points out how pervasive scripting has become. We are all at risk every time we connect to the Web.

]]> By: Michael Morisy http://itknowledgeexchange.techtarget.com/security-corner/javascript-must-die/#comment-53 Michael Morisy Mon, 09 Nov 2009 16:48:49 +0000 http://itknowledgeexchange.techtarget.com/security-corner/javascript-must-die/#comment-53 I tried NoScript out again recently when helping a user troubleshoot some issues. The usability problems it presents when browsing a modern web apps just killed it for me: Sure, I’d build a white list up over time, but things would break and, unless I was familiar with the site, I’d never know they were broken.

Are the security threats serious enough that this is necessary? Aren’t there less extreme alternatives out there at this point?

]]>